{"id":"CVE-2023-26056","summary":"XWiki Platform allows macro execution as any user without programming rights through the context macro","details":"XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the rights of another user, provided the target user does not have programming rights. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.","aliases":["GHSA-859x-p6jp-rc2w"],"modified":"2026-04-10T04:56:12.271252Z","published":"2023-03-02T18:44:00.363Z","database_specific":{"cwe_ids":["CWE-863"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26056.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://jira.xwiki.org/browse/XWIKI-19856"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26056.json"},{"type":"ADVISORY","url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26056"},{"type":"FIX","url":"https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6"},{"type":"FIX","url":"https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b"},{"type":"FIX","url":"https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xwiki/xwiki-platform","events":[{"introduced":"804f16c0efbf6ba3d08c7ad780b81b7203741d8c"},{"fixed":"61a67f5cf241df692779d77367168e0762119091"}],"database_specific":{"versions":[{"introduced":"3.0-milestone-1"},{"fixed":"13.10.10"}]}},{"type":"GIT","repo":"https://github.com/xwiki/xwiki-platform","events":[{"introduced":"198ef99386911c0f7af11a0957092d349961e3a6"},{"fixed":"a9b53c5da579065a53382ba78de1c5d62bf6f601"}],"database_specific":{"versions":[{"introd
uced":"14.0-rc-1"},{"fixed":"14.4.5"}]}},{"type":"GIT","repo":"https://github.com/xwiki/xwiki-platform","events":[{"introduced":"ab4dfeaeef13360eebcaa507bc652073aa89a427"},{"fixed":"acc705b74de6b7cc24defcfa05edf6931c4cb12a"}],"database_specific":{"versions":[{"introduced":"14.5"},{"fixed":"14.8-rc-1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26056.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}